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Email scammers target university students 


By Shaun Nichols in California 



Researchers at Sans said that the attacks are being disguised as messages from administrators who are 
performing a "database update". 

The messages state that in order to keep their email accounts, the students must "verify" the accounts by replying 
to the message with such account details as user names, passwords, and the student’s date of birth. 

Researcher Mark Hofman wrote in a report posted on the Internet Storm Center blog that the attacks appear to be 
similar to a wave of phishing attacks on European ISPs that were spotted earlier this year. 

The attackers use email addresses with the name of the school, though the accounts are hosted by an external 
e-mail service such as Hotmail. 

Hofman noted that because the attack targets individual students, few messages are sent and the emails will often 
slip past spam filters, 

The researcher suggests that administrators should be on the lookout for a large volume of incoming messages 
from the same address, as well as a large volume of messages with multiple recipients. Students should also be 
warned about the attacks, said Hofman. 


Source: http://uk.news.yahoo.com/ 
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This module will familiarize you with: 

V_ ) 

• Ways of Getting Email Account Information 

• Vulnerabilities 

• Tools 

• Security Techniques 

• Creating Strong Passwords 

• Sign-in Seal 
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Hacking email accounts has become a serious threat 


Email accounts are the repositories where people store their private 
information or even their business data 


Due to the widespread use of the Internet techniques and tools 
hacker can access the user ID and email password 
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Stealing Cookies 

^_ 
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Social Engineering 

V _ 

/ 

Password 

Phishing 

V ___ 
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If a web site uses a cookie, or a browser contains the 
cookie, then every time you visit that website, the 
browser transfers the cookie to that website 


If a user's cookie is stolen by an attacker, he/ she can 
impersonate the user 

If the data present in the cookies is not encrypted, 
then after stealing the cookies an attacker can see the 
information which may contain the username and the 
password 
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Social engineering is defined as a "non-technical kind of intrusion 
that relies heavily on human interaction and often involves 
tricking other people to break normal security procedures." 


Social engineering hackers persuade a target to provide 
information through a believable trick, rather than infecting a 
computer with malware through a direct attack 

Most of the persons unwittingly give away key information in an 
email or by answering questions over the phone such as names of 
their children, wife, email ID, vehicle number and other sensitive 
information. 


Attacker use this information for hacking email accounts 
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The process of tricking user to disclose user name and password by 
sending fake emails or setting up fake website which mimics sign-in 
pages is called phishing 


After gaining Username and password, fraudsters can use personal 
information to: 



Commit identity theft 


r 

Charge your credit card 

Clear your bank account 

m 

r 

Change the previous password 
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You might receive an e-mail message from 
bank asking for updated information 


The message provides the target user with a 
link to a legitimate site but redirects the 
user to a spoofed one 



That message ask for Login, password, and 
other sensitive information 


Attacker can use this information for 
hacking email accounts 
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Caution: Scam Warning Is A Scam 

Warning' asks bank customers to call a toll-free number 

By Mark Huffman 
ConsumeiAffairs.Com 

February 11, 2008 

You've got to hand it to those identity 
thieves - they're usually a step ahead 
of the banks whose customers are 
their primary targets. 

When a spam email went out last 
month, disguised as a message from 
Valley National Bank's security 
department, the bank quickly 
responded, posting a warning on its 
Web site. 


Source: http://www.consumeraffairs.com/ 
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"A fraudulent e-mail has circulated to some Valley customers 
claiming that the bank has temporarily suspended their account 
due to "Billing Failure," the warning states. "This e-mail also 
provides a link to click on in order to complete an account update 
to unlock their account." 
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While using web based email service, after clicking a link present in 
the email body, it transfers from URL of the current page (webmail 
URL) to the next page (link present) 


This information is transmitted through third party web servers 


Information can include: 


Miljll.Vahoo.com/ym/iDriuwLdLlbf ,'Ljua-IhL 
£MsgId=240_1916298_12822_1346_ 

Til n 'H i n ii 11 i!~ sarch=&YY=B2346frnrripr=rin yfnMrnrt- 

=date8;pos=0 


ITT IIM Min Tulin 
5_654_0_3386&NEX^ 


• Email address 

• Login ID 

• Actual name 

BC-Gouncil 



f i y 1 11 d 11 . 11 idine.i* 
iorell:planetmail.comS;fo 

uid=10184555908driv 


scripts/mail/mesg.mail?login = 
er=INBOX8iOrder=Newest8i 



http://qmail.pdq.net/MB 
5CB38F37/MSG: 1 


]^lsfranks(gipdq.net/ID^ 
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The confidentiality of email can be brought down 
by the micro virus like Reaper Exploit 

Reaper Exploit works in the background and 
sends a copy of reply or forwarded mails to the 
hacker 

This exploit uses the fimctionality of DHTML in 
Internet Explorer, used by Microsoft outlook 


Email clients who make use of the internet 
explorer as their HTML engine are vulnerable 

Email scripting should be turned off, to prevent 
from this attack 
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Tool: Advanced Stealth Email 
Redirector 


This program monitors outgoing traffic 
of the target PC's email client and 
intercepts all the messages sent from it 


Intercepted emails are forwarded to a 
pre-specified email address 


Arivaffftftd Stealth FmaN PArlirwter 


Geneial settings 
□ Redirectr is active 


[report key 


Set password 


Email Address, where at 1 outgoing emails will be copied to .. . 


Q Override defaufe SMTP service port: 


25 


About 


CK 


Canoe! 


Advanced SER does not intercept emails 
sent from web-based email services like 
www.yahoo.com,www.hotmail.com etc 
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Mail PassView is a small password-recovery tool that reveals 
the passwords and other account details for the following 
email clients: 

^ _ ) 

• Outlook Express 

• Microsoft Outlook 2000 (POP3 and SMTP Accounts only) 

• Microsoft Outlook 2002/ 2003/ 2007 (POP3, IMAP, HTTP and SMTP 
Accounts) 

• Windows Mail 

• Netscape 6.x/7.x 

• MozillaThunderbird 

• Group Mail Free 

• Yahoo! Mail - If the password is saved in Yahoo! Messenger application 

• Hotmail/ MSN mail - If the password is saved in MSN Messenger 
application 

• Gmail - If the password is saved by Gmail Notifier application, Google 
Desktop, or by Google Talk 
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Mail PassView 


File Edit View Help 


□Txl 


Name 

Application 

Email 

Server 

Type 

User 

Password 

OMr, Bean 

Eudora 

mrbean@mrbean. com 

10.10.10.10 

IMAP 

bean 

BlueCar 

E3 Nir Sofer 

Outlook Express 

nirsoft@abcdefg.com 

mail.abcdefg.com 

POP3 

nirsoft 

126abflP 

Rainbow 

IncrediMail 

rainbow@test.com 

192.168.12.12 

SMTP 

rainbow 

tornado 

H^lTest User 

IncrediMail 

te5t@te5t.com 

192.168.10.10 

POP3 

test 

BigDog86 




4 item(s)j 1 Selected 
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f ^ 

Email Password Recovery Master is a program 

that displays logins and passwords for email 
accounts stored by: 

V_ 

• Eudora 

• The Bat! 

• Becky 

• IncrediMail 

• Gmail Notifier 

• Group Mail Free 

• PocoMail 

• Forte Agent 

• Mail.Ru Agent 

• Scribe 
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Mail Password is a universal password recovery tool for POP3 email 
accounts 


It recovers all POP3 email logins and passwords stored on your 
computer by your email software 


Mail Password emulates a POP3 server and the E-mail client returns 
the password 


It supports all email programs, including Outlook, Eudora, The Bat! 
and more 
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Mail Password is an universal password recovery tool for POP3 
email accounts. It recovers all POP3 email logins and passwords 
stored in your computer by your email software. Mail Password 
supports ALL email programs. Mail Password temporarily emulates 
your mail server and intercepts all requests addressed to it. When 
you check for a new mail in your email software, your email 
software has to submit login information (including the password) 
to the server, so Mail Password can intercept and display the login 
information. 


9 


Very Important Note 

1. Mail Password DOES NOT recover passwords to web-based email 
accounts such as yahoo or hotmail. 

2. Mail Password DOES NOT allow to hack somebody's else email password. 
It just extracts password information stored locally in your computer (if 
any). 


Exit 


■€ 


Register 


Start recovery 


(c) LastBit Software 
Licensed to: Tima 


Program's home page: http://lastbit.com/mailpsw 


■■■■■ 
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Email Finder Pro extracts business emails from a file or a directory containing 
files 

Fast and simple email address extraction utility 
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Email Spider Easy is a targeted bulk email 
marketing software 


Quickly and automatically search and spider from 
search engine to find e-mail addresses 


Integrated with 90 top popular search engines: 
Yahoo, Google, MSN, AOL, and so on 


Fast search speed allows upto 500 email extraction 
thread simultaneously 
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Figure: Email Spider Easy 
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Kernel Hotmail MSN Password 
Recovery 


Kernel Hotmail &MSN Password Recovery software 
recovers the stored or saved password of the 
Hotmail and MSN Messenger account from your 
computer 


Supports all versions of MSN Messenger 
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Kernel Hotmail MSN Password 
Recovery: Screenshot 
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Retrieve Forgotten Yahoo Password cracks Gmail, Yahoo passwords 
It retrieves encrypted characters hidden behind asterisk**** 

It restores hacked pop3 email IDs and passwords 


( 


Features: 



J 


• Decodes the coded user and owner password which provides the 
standard security to prevent PDF files from copying, printing, and 
editing 

• It reveals the Yahoo, Hotmail, Gmail, Indiatimes, Rediffmail, and 
MSN account passwords 
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Ad-***? 


=j Nfl;p 5 i // www. tpotfa .tqthfAcr CfLrts/Sei* vk, eLcgin?^ £■=nrrsfljpii prrt «=> t r Ln?i±r 3 JJ.‘ c ^z^ 3 =' c ;H ? ^Jnrii ad - gwu^s. e; c»i ‘ft^Fmad P 43 F Lifts v 


Gm il 


Welcome to Gmail 




■n^mb-er me\ Shis. 


fidld Doctor Password Unmask 


,0(£E*3 


Sign 

Account 

Userntfrie. mac^dncpFO 

Pas sv.4 id *■ *m* * 4~ ■ 4 


PitouM FGUiQaii 


X- 703 .Y B- 3 Q S 


Sign in j 


iVkndchiV 0 *fn>po 




Wo 01 1 0 1 'Zl 1 ZZ|'docpiote?.l 


Paea^md !&■1 


Learn more eftoui.Gmail 

Check cut our mw features * 
Afew^rds abcn 


ie^ujre eke 

C \PrGgrajBFil«MnlflftieJ E^pfeuef 


Uu^'.ilt: r%’.VTH£ 


Htaiule PilIM 






* Keep il nit in cfmtejtl. 

Each message is grouped wilh all its replies and displayed as a continsalian. 
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Figure: Retrieve Forgotten Yahoo Password 


Copyright © by EC-Gound I 
All Rights Reserved. Reproduction is Strictly Prohibited 































TM 


C EH MegaHackerZ 

Certified Ethical Hacker 


MegaHackerZ helps you crack passwords to any email address 
It will help you to get the password you desire, instantly 

-Ini xl 


, D H 1 tii If -71 


Software 

Protocol 

User 

Password I 

© Miranda 

Jabber 

jaberl2345 

KSmnjBl 

© MSN Messenger 

MSN Messenger 

nhhggttf@hotmail.com 

lPlki98W2 

O Netscape-AOL Instant Messenger 

AOL Instant Messenger 

aol26612 

POBSTfRh 

O Trillian 

MSN Messenger 

msnh765 

OiJJhygtr ' 

O Trillian 

Yahoo! Messenger 

yahoo123d 

kijUsce 

O Yahoo Messenger 

Yahoo! Messenger 

nirsoft821 

AcGGStyrr 





6 accounts); 1 Selected 



m 


Copyright © by EC-Gound I 

EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited 



File Edit View Help 

























TM 


C EH Hack Passwords 

Certified Ethical Hacker 


The Email Password hacking software will get you any Password you 
need 

It allows to take command and control of any email 
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G3 New ▼ Reply 


Inbox (8) 

* 

Lf Junk * 


Drafts 


Sent 


■o Deleted (1___ 


, Curriculu... 

= 

pj Family 


[g Friends 


[g MAERSK 


[gpics 


[gRene 


1 5? Unicomer 


IINTTFC r-Jt 

’ r 

Today 

(JZ1 Mail 

|a=l Contacts 

H Calendar 

|»%% k CHANGING 

11 1 1 1 Ml WOULD 

Switch to classic 


Privacy Statement 


^ Reply all ^ Forward ^ Delete Junk ▼ 6 SB Move to ▼ ^5 Check mail [s^ Options ▼ 


Sort by Date ▼ 


£ 

& 

& 

Birthday Reminder 

Birthday Reminder 

Birthday Reminder 

Second Reminder for Terencio Sierra’s Birthday on Thursday December 27th 

First Reminder for Terencio Sierra's Birthday on Thursday December 27th 

Birthday Reminder from BirthdayAlarm.com 

3 KB * 

3 KB C=;i 
30 KB 


Hilda Sierra 




Carol Jessie 

ITS BIRTHDAY TIME FOR DOMINICK MICHAEL AND TIFFANY LYNN 

3 KB 

Li 

Hilda Sierra 

RE: hola mama 

3 KB ^ 

Messages 1 

- 50 of 62 


► M 


RE: hola mami 

From Hilda Sierra (1 1 

Sent: Sat 12/17/05 7:1S" 

HACK PASSWORDS 
V2.0 

Full message view * 

Hola , hija, como estas, espero que tus navidades ; 

anticipadas, las esten 



pasando bien, recibi hasta hoy que vine donde carmen el mensaje, que me 
enviate, pues el dia de antier aandube dando muchas vueltas, pues carmen 
tuvo un accidente, le atropellaron, y la llevaron al hospital, la levanto un 
carro, y ella y nury salieron heridas, bueno pero ya hoy que estoy en casa 
de ella, esta mejor, mire a Andy en carro nuevo... no se si es del papa o de 
la mama,, te queria recordar, que no se te olvide el estuche de sombras, 
para esta temporada en las tiendas grandes hay y lo conseguis a 10, o 15 
dolares, no te olvides de traer uno....saludes a tita gerry las bebes, y 
rene ....tu mama hilda 
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Best way to protect from hackers is to use the strong password 
A strong password is one which cannot be determined by automated programs 


A strong password contains: 


• Seven to sixteen characters 

• Choose a phrase or combination of words 

• Uses three of the following four types of 
characters: 

• Uppercase letters (A, B, C) 

• Lowercase letters (a, b, c) 

• Numerals (1, 2 , 3) 

• Special characters (' ~! @ #$ % ^ &* ()_+-={} | 
[]\:V <>?,./) 
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Sorry That You're Having Trouble Signing In 

We know that not being able to sign in can be frustrating, so well try to make this as quick and easy as possible. To get started, 
enter your Yahoo! ID and let us know if you've ever used a credit card with Yahoo!. 


What’s your Yahoo! ID? 


Yahoo! ID: 


I dont know my Yahoo! ID 



Continue 


Cancel 
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Sign-in seal protects account from 
priishing 


Sign-in seal is a custom text or image 
set up by the user on the computer 


User needs to create different sign-in 
seal for different browsers and 
computers 


Do not create sign-in seal on networked 
computer 


EC-Cbuncil 


w 


/at 


Protect users on this computer against 
password theft [ 11 phishing") with a 
recognizable sign-In seal. 

Create one now — It's fast and easy, 

What's this? 


in though you are 
pnal information. 

prompting-up to two 
s Edit link for Memt>er 


>ur password when 
ount llnfo. 



Yahoo! ID: faetoryjoe 
Password: |~ 


Sign In 


Forget your ID or password? | Help 


Not faetoryjoe? 

Sign In as a different user. 



Copyright © by EC-Gound I 
All Rights Reserved. Reproduction is Strictly Prohibited 





























TM 


C EH Alternate Email Address 

Certified Ethical Hacker 


Alternate email address are prompted at signup 


At the time of password recovery, passwords can be sent to the 
alternate email address 


111 case you forget your ID or password... 

< '^'Alternate Emaii 

a b c321 @ttt .cqiti_^> 

Security Question 

What is your pet's name? 

Your Answer 



Use 4 characters or more — not case sensitive. 
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When you login on any site, there is checkbox like 
"Keep me signed in" or '"Remember Me" 

Already have a Yahoo! ID? 

Sign in. 


If you select this option, next time it will 
automatically open your account in same computer 


Yahoo! ID: 
Password: 



If attacker handles such a system, he will get access 
to the email account 


If you are using a public computer, it is 
recommended that you uncheck the checkbox 
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Internet Service Provider (ISP) stores copies of 
all your email messages on its mail servers 


All the information kept on the servers can be 
easily used against you 


Email Security always breaks email messages 
addressed to a group of people to individual 
messages to ensure your as well as respondent’s 
security 
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Email Security 


Statistics 


Messages Sent: 
Sending Errors: 


DNS Server 

® Autodetect DNS Server (Recommended) 
o Use Specific Server 


Apply 


SMTP Port 


0 Standard SMTP Port (Recommended) 

0 Use Specific Port 


25 


Apply 


] Accept connections from this computer only 


nnnnn 

uiui&iiBiii 

Zero 

nnnnp 

lhuiuiuio 

Zero 


Server Load 


tfij) Use port 25 in voui email proqiam along with localhost! 
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Figure: Email Security Main Window 





Online Help 


Home Page 


0 

Buy Program 


View Log 


Configure 


* 

Exit Program 
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Tool: EmailSanitizer 
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EmailSanitizer is a filter between the incoming email server, and your 
computer 


EmailSanitizer Lets you keep track of how much spam is being 
stopped and how many viruses are being destroyed 
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SuperSecret provides secure storage for all of your logins and 
passwords so that you only have one password to remember 
from now on 


Only one password is required to use SuperSecret 


All of your other account and password information is stored 
securely in an encrypted format on your computer and can be 
accessed only with your one and only password 
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Username and password can be revealed if it is stored in cookie and is 
not encrypted 


The confidentiality of email can be brought down by the micro virus 
like Reaper Exploit 


A strong password is one which cannot be determined by automated 
programs 
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Copyright 2005 by Randy Glasbergen. 



“For security purposes, the information should make 
no sense at ail to spies and hackers* We’ll bring in 
someone later to figure out what you meant*” 
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Copyright 2004 by Randy Gflasbergen. 
www. g la sbcrgcn .com 



"The boss is worried about information security, 
so he sends his messages one alphabet letter 
at a time in random sequence/ 
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